EP2866174A1 - Génération automatisée et mise à jour dynamique de règles - Google Patents

Génération automatisée et mise à jour dynamique de règles Download PDF

Info

Publication number
EP2866174A1
EP2866174A1 EP20140156556 EP14156556A EP2866174A1 EP 2866174 A1 EP2866174 A1 EP 2866174A1 EP 20140156556 EP20140156556 EP 20140156556 EP 14156556 A EP14156556 A EP 14156556A EP 2866174 A1 EP2866174 A1 EP 2866174A1
Authority
EP
European Patent Office
Prior art keywords
data
rule
data stream
trend
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP20140156556
Other languages
German (de)
English (en)
Inventor
Tanmaya Tewari
Surath Kumar Dey
Swarup Chatterjee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tata Consultancy Services Ltd
Original Assignee
Tata Consultancy Services Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tata Consultancy Services Ltd filed Critical Tata Consultancy Services Ltd
Publication of EP2866174A1 publication Critical patent/EP2866174A1/fr
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003Managing SLA; Interaction between SLA and QoS
    • H04L41/5009Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/067Generation of reports using time frame reporting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Definitions

  • the present subject matter in general, relates to trend analysis and, in particular, relates to method(s) and system(s) for automated generation and dynamic update of rules based on data trend analysis.
  • trend analysis relates to comparison of data over a period of time to identify various trends. Due to the widespread availability of data in every field, applications for trend analysis seem almost limitless. For example, trend analysis may be used to forecast information beneficial for growth and development of an organization, such as market trends, sales growth, inventory levels and interest rates. Trend analysis may also be used to monitor computing systems based on a number of software applications running on it. Further, trend analysis can also be used for failure analysis and as an early warning indicator of impending problems.
  • Fig.1 illustrates a network environment implementing a rule generation system, in accordance with an embodiment of the present subject matter.
  • Fig.2 illustrates a method for automated generation and dynamic update of rules based on data trend analysis, in accordance with an embodiment of the present subject matter.
  • System(s) and method(s) for automated generation and update of rules based on data trend analysis can be implemented in a variety of computing devices, such as laptops, desktops, workstations, tablet-PCs, notebooks, portable computers, tablet computers, internet appliances, and similar systems.
  • computing devices such as laptops, desktops, workstations, tablet-PCs, notebooks, portable computers, tablet computers, internet appliances, and similar systems.
  • a person skilled in the art will comprehend that the embodiments of the present subject matter are not limited to any particular computing system, architecture, or application device, as they may be adapted to new computing systems and platforms as they become available.
  • trend analysis techniques are being used in various realms across the globe, for example, for monitoring an environment in order to forecast future events based on historical data.
  • An environment may be understood as any field or platform where trend analysis can be carried out for monitoring and prediction purposes.
  • an organization may opt for trend analysis to monitor their product sales and therefore, to anticipate associated future obstacles. Accordingly, the organization can take preemptive measures to avoid losses.
  • a large amount of data pertaining to the environment has to be handled and processed. For example, to evaluate performance of a computing system, data used by numerous software applications running on the computing system may be retrieved. Based on this data, a trend analysis may be conducted. The trend analysis may assist in determining a cause of any troublesome issue, such as a slow operation of the computing system, on the basis of data that may be used by each software application at different time instances. Therefore, if data used by a software application is exhibiting a substantial change from historical data trend, then an appropriate action may be accordingly taken to fix any issues, and an unhindered and smooth operation of the computing system is ensured.
  • a rule may be understood as a condition set by a user to detect any change in data from historical data trend. For example, a user may define a rule that as soon as amount of data used by a software application exhibits a variation of more than 10% from the historical data trend, an alarm has to be triggered. Similarly, in another example of monitoring of health scenario of a town by public health agencies, a rule may be defined that as soon as death toll of the town undergoes a variation of more than 5% from a historical data trend, an alarm has to be triggered. Therefore, such rules facilitate maintaining an effective track of events pertaining to an environment.
  • the rules are generally defined by a user or a group of users.
  • the user may include, but is not limited to an expert in the corresponding field, and a stakeholder, such as a client for whom a software application is being developed. Therefore, validity and accuracy of the rules are dependent on skill-set of an individual and therefore, a possibility of errors in rule generation can not be negated.
  • the user may have to derive relationships between the data and the corresponding rules to ensure an accurate monitoring of the environment.
  • a large amount of data and multiple rules may have to be defined.
  • the rules may have to be accordingly updated regularly.
  • due to the manual nature of defining of rules a significant amount of efforts have to be put by the user during generation and updating of the rules. Subsequently, such activities may demand substantial amount of time each time. As a result, an overall cost associated with the trend analysis is also significantly increased.
  • a rule generation system for generating and updating rules used for, for example, monitoring an environment based on data trend analysis.
  • the system may obtain at least one data trend corresponding to at least one data stream pertaining to the environment being monitored.
  • a data stream may be understood as time ordered data, and may include, but is not limited to a data value, a time stamp and type of data.
  • the at least one data trend may be understood as a pattern followed by the at least one data stream during a predefined period of time.
  • At least one delta value pertaining to the at least one data stream may be computed.
  • the at least one delta value is indicative of a deviation in the at least one data stream with respect to the at least one data trend at a specific time instance.
  • at least one relationship between a plurality of data streams may be identified based on the at least one data trend and identity metadata associated with each data stream.
  • the identity metadata may be understood as information that provides a unique ID to each data stream.
  • at least one rule may be generated in an automated manner.
  • the at least one rule is indicative of a condition set by a user for tracking the deviation in the at least one data stream.
  • a notification being indicative of the at least one rule being violated may be provided to the user.
  • the notification may include, but is not limited to details pertaining to the rule violation and a suggestion to overcome the rule violation.
  • a rule violation trend may also be identified.
  • the at least one rule may be automatically updated.
  • the system may utilize retrieval metadata for retrieving data pertaining to the environment from the at least one data source.
  • the retrieval metadata may facilitate in identifying a location in the at least one data source, where the data is stored.
  • Examples of the retrieval metadata may include, but is not limited to, a database name, a table name, a database IP, a database port, type of database, a database username, a database password, at least one query for retrieving data, and a retrieval frequency.
  • the at least one data source may include, but is not limited to an external database, an in-house database, and an online portal. Therefore, based on the retrieval metadata, the data may be retrieved from the at least one data source.
  • sampling may be performed to select data for further monitoring of the environment. As may be known, sampling may include selection of a subset of data from within a statistical data to estimate characteristics of entire data.
  • the data retrieved from the at least one data source may be in different formats.
  • the data may be transformed into a format recognizable to the system, such as through natural language processing (NLP).
  • NLP natural language processing
  • the data may be transformed into the at least one data stream.
  • identity metadata may be allotted to each data stream.
  • the identity metadata may provide a unique identity to each data stream.
  • the identity metadata may include, but is not limited to details pertaining to the environment, an application, and a server.
  • the at least one data trend pertaining to the at least one data stream may be identified.
  • the at least one data trend is indicative of a pattern followed by the at least one data stream for the pre-defined period of time.
  • the system may obtain the at least one data trend for computing the at least one delta value.
  • the at least one delta value is a measure of a change in the at least one data stream with respect to the at least one data trend at a specific time instance.
  • the at least one delta value may be computed in the form of a percentage of a data value of the at least one data stream.
  • the system may identify the at least one relationship between the plurality of data streams.
  • the at least one relationship may be identified based on the identity metadata associated with each data stream.
  • the at least one rule may be generated based on the at least one data trend and the at least one relationship.
  • the at least one rule may be understood as a condition set by a user to track the deviation in the at least one data stream. Further, upon violation of the at least one rule, i.e., when the condition is met, a notification may be provided to the user.
  • the system in continuation to the rule violations over a period of time, the system may identify the corresponding rule violation trend.
  • the rule violation trend is indicative of a pattern in which the rule violations have occurred over the period of time.
  • the notification may include, but is not limited to, details pertaining to the rule violation, and a suggestion to overcome the rule violation.
  • the suggestion may relate to termination of one or more software applications for which the at least one rule has violated.
  • the user may respond to the notification by accepting, rejecting, or ignoring the suggestion.
  • Accepting the suggestion is indicative of a validity and accuracy of the at least one rule.
  • rejection of the suggestion is indicative of an invalidity and inaccuracy of the at least one rule and therefore, the at least one rule may be considered invalid.
  • the at least one rule may be updated based on the user response, the at least one data trend, the at least relationship, and the rule violation trend.
  • a performance report may also be generated for providing details pertaining to the automated generation and update of the rules.
  • the rules are generated and updated based on the data trends, the rules are generated and updated considering specific dynamics of an environment ensuring an accuracy and reliability. In other words, revision of the rules based on any change in the data allows the system to be adaptable with dynamic and continuous changes in the environment. Also, by identifying relationship between different data streams, interdependence between various factors pertaining to an environment is utilized for accurate generation of rules. Therefore, the present subject matter facilitates a comprehensive, accurate, time-saving and cost efficient monitoring of an environment using data trend analysis.
  • Fig. 1 illustrates a network environment 100 implementing a rule generation system 102, also referred to as system 102, according to an embodiment of the present subject matter.
  • the system 102 is connected to a network 104. Further, the system 102 is connected to a database 106. Additionally, the network environment 100 includes one or more user devices 108-1, 108-2...108-N, collectively referred to as user devices 108 and individually referred to as user device 108, connected to the network 104.
  • the system 102 can be implemented as any set of computing devices connected to the network 104.
  • the system 102 may be implemented as workstations, personal computers, desktop computers, multiprocessor systems, laptops, network computers, minicomputers, servers, and the like.
  • the system 102 may include multiple servers to perform mirrored tasks for users.
  • the system 102 can be connected to the user devices 108 through the network 104.
  • the user devices 108 include, but are not limited to personal computers, desktop computers, smart phones, PDAs, and laptops.
  • Communication links between the user devices 108 and the system 102 are enabled through various forms of connections, for example, via dial-up modem connections, cable links, digital subscriber lines (DSL), wireless or satellite links, or any other suitable form of communication.
  • DSL digital subscriber lines
  • the network 104 may be a wireless network, a wired network, or a combination thereof.
  • the network 104 can also be an individual network or a collection of many such individual networks interconnected with each other and functioning as a single large network, e.g., the internet or an intranet.
  • the network 104 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and such.
  • the network 104 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), etc., to communicate with each other.
  • HTTP Hypertext Transfer Protocol
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the network 104 may include network devices, such as network switches, hubs, routers, host bus adapters (HBAs), for providing a link between the system 102 and the user devices 108.
  • the network devices within the network 104 may interact with the system 102 and the user devices 108 through communication links.
  • the system 102 includes one or more processor(s) 110, interface(s) 112, and a memory 114 coupled to the processor 110.
  • the processor 110 can be a single processing unit or a number of units, all of which could also include multiple computing units.
  • the processor 110 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions.
  • the processor 110 is configured to fetch and execute computer-readable instructions and data stored in the memory 114.
  • the interfaces 112 may include a variety of software and hardware interfaces, for example, interface for peripheral device(s), such as a keyboard, a mouse, an external memory, and a printer. Further, the interfaces 112 may enable the system 102 to communicate with other computing devices, such as web servers, and external data repositories, such as the database 106, in the network environment 100.
  • the interfaces 112 may facilitate multiple communications within a wide variety of protocols and networks, such as a network 104, including wired networks, e.g., LAN, cable, etc., and wireless networks, e.g., WLAN, cellular, satellite, etc.
  • the interfaces 112 may include one or more ports for connecting the system 102 to a number of computing devices.
  • the memory 114 may include any non-transitory computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
  • volatile memory such as static random access memory (SRAM) and dynamic random access memory (DRAM)
  • non-volatile memory such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
  • ROM read only memory
  • erasable programmable ROM erasable programmable ROM
  • flash memories hard disks, optical disks, and magnetic tapes.
  • the system 102 also includes module(s) 116 and data 118.
  • the module(s) 116 include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types.
  • the module(s) 116 includes a trend analysis module 120, a rule generation module 122, an update module 124, and other module(s) 126.
  • the other module(s) 126 may include programs or coded instructions that supplement applications and functions of the system 102.
  • the data 118 serves as a repository for storing data processed, received, and generated by one or more of the module(s) 116.
  • the data 118 includes, for example, trend analysis data 128, rule generation data 130, and other data 132.
  • the other data 132 includes data generated as a result of the execution of one or more modules in the module(s) 116.
  • the system 102 may facilitate an automated generation and dynamic update of rules based on data trend analysis.
  • the trend analysis module 120 may utilize retrieval metadata for retrieving data from at least one data source.
  • the retrieval metadata may include, but is not limited to a database name, a table name, a database IP, a database port, type of database, a database username, a database password, at least one query for retrieving data, and a retrieval frequency.
  • the at least one data source may include, but is not limited to an external database, an in-house database and an online portal. Therefore, the trend analysis module 120 may retrieve the data on the basis of the retrieval metadata.
  • the trend analysis module 120 may utilize a sample of the data for monitoring of the environment.
  • the trend analysis module 120 may estimate the missing data based on the earlier trends of such data. For example, the trend analysis module 120 may take an average of the data received before the technical problem and the data received after the technical problem to fill in details pertaining to the time period for which the data was not retrieved. Also, in cases, when the retrieved data is faulty or erroneous, then similar techniques can be adapted to estimate such data. Therefore, any inconsistency in retrieval of data may not hamper the overall analysis.
  • the trend analysis module 120 may transform the data into a format recognizable to the system 102.
  • the trend analysis module 120 may transform the data into at least one data stream.
  • the data stream may be understood as time ordered data, and may include, but is not limited to a time stamp, a data value and type of data.
  • the time stamp may indicate time of retrieval of the data from the at least one source.
  • the data value may indicate a numerical value of the data.
  • the type of data may be maintained to specify nature of the data. For example, in case of application monitoring, the data may be infrastructural data, application data and availability data.
  • the trend analysis module 120 may allot identity metadata to each data stream for providing a unique identity to each data stream.
  • the identity metadata may further include, but is not limited to details pertaining to an environment name, an application, a server, and other configuration items. Such details may be utilized to distinguish a data stream from other data streams.
  • the trend analysis module 120 may identify at least one data trend pertaining to the at least one data stream. The at least one data trend is indicative of a pattern followed by the at least one data stream for a pre-defined period of time. The at least one data trend may assist in determining an average of the data value of the at least one data stream at a specific time instance.
  • the at least one data trend may assist in determining a maximum and a minimum data value of the at least one data stream during a specified time period.
  • Table 1 showing a data trend of a percentage Central Processing Unit (CPU) utilization by a software application is provided below.
  • CPU utilization by the software application at different time instances for a duration of 10 days is analyzed. Further, an average of the CPU utilization may also be computed based on the at least one data trend shown in the table 1.
  • an average value is utilized for determining the at least one data trend in the table, however, in other implementations, the at least one data trend may be determined in terms of parameters other than an average or a mean value. For example, the at least one data trend may be determined in terms of a variance or a standard deviation from a mean value.
  • the trend analysis module 120 may update the at least one data trend as and when new data is retrieved from the at least one data source. In one implementation, details pertaining to the trend analysis module 120 may be stored in the trend analysis data 128.
  • the rule generation module 122 may obtain the at least one data trend for computation of at least one delta value pertaining to the at least one data stream.
  • the at least one delta value may be understood as a deviation in the at least one data stream with respect to the at least one data trend at a specific time instance.
  • the rule generation module 122 may compute the at least one delta value in form of a percentage of a data value of the at least one data stream. For example, if a data value of a data stream is 30, and the data value exhibits a deviation of a data value 6, then a corresponding delta value may be computed as 20%.
  • the rule generation module 122 may identify at least one relationship between a plurality of data streams.
  • a data stream A may indicate data used by a software application at different time instances.
  • a data stream B may relate to percentage CPU utilization by the software application at different time instances.
  • the percentage CPU utilization by the software application at a specific time instance may vary in proportion to the data used by the software application at the specific time instance. Therefore, any change in the data stream A may lead to a corresponding change in the data stream B.
  • the rule generation module 122 may identify the at least one relationship based on the at least one data trend and the identity metadata corresponding to each data stream.
  • the rule generation module 122 may compare the identity metadata to establish at least one relationship between the pluralities of data streams. In one implementation, the rule generation module 122 may identify at least one relationship between the at least data trend and previously generated rules. Such an identification may assist in determining an effect of a violation of a rule on different data trends.
  • the rule generation module 122 may generate at least one rule.
  • the at least one rule is indicative of a condition set by a user to track a deviation in the at least one data stream.
  • the user may include, but is not limited to an expert in the corresponding field, and a stakeholder.
  • the rule generation module 122 may generate the at least one rule to monitor a threshold violation at a specific time instance. For example, the rule generation module 122 may generate a rule that a delta value of a data stream should not exhibit a deviation of more than 10%. In such an example, as soon as the delta value of the data stream undergoes a variation of more than 10%, the rule is considered to be violated. In one implementation, a rule may be considered to be violated, when a condition set by the rule is satisfied or met.
  • the rule generation module 122 may generate the at least one rule to monitor a threshold violation in a pre-defined duration of time. For example, the rule generation module 122 may generate a rule that a delta value of a data stream deviates more than 10% between 2PM to 4PM. Therefore, as and when the delta value exhibits a variation of more than 10% between 2PM and 4PM, the rule is considered to be violated. In another implementation, the rule generation module 122 may generate the at least one rule to monitor consecutive events of threshold violation. For example, the rule generation module 122 may generate a rule that a delta value of a data stream deviates more than 10% for five consecutive data values. Therefore, as and when the delta value exhibits a variation of more than 10% for five consecutive data values, the rule is considered to be violated. In a yet another implementation, the rule generation module 122 may generate a rule with any combination of the abovementioned conditions.
  • the rule generation module 122 may also generate complex rules utilizing the at least one relationship between the plurality of data streams. For example, the rule generation module 122 may generate a rule that a delta value A of a data stream 1 deviates by 10% and a delta value B of a data stream 2 deviates by 5%. Therefore, when both these conditions are met, the rule is considered to be violated.
  • the rule generation module 122 may provide a notification to the user to indicate the violation of the at least one rule.
  • the notification may include, but is not limited to details pertaining to the rule violation, an action and a suggestion to overcome the rule violation.
  • the action may include, but is not limited to an "accept", a "reject” and an "ignore” tab allowing the user to respond to the notification by accepting, rejecting or ignoring the notification.
  • the user accepts the suggestion it may indicate that the at least one rule is accurate and valid.
  • the user rejects the suggestion it may indicate that the at least one rule is inaccurate and invalid.
  • details pertaining to the rule generation module 122 are stored in the rule generation data 130.
  • the update module 124 may identify a rule violation trend pertaining to the violations of the at least one rule over a predetermined period of time.
  • the rule violation trend may be understood as a pattern in which the at least one rule is violated.
  • the update module 124 may update the at least one rule. Therefore, the at least one rule may keep getting updated based on a change in the rule violation trend, the at least one relationship, the at least one data trend and the user response.
  • the update module 124 may generate a performance report for providing details pertaining to the automated generation and update of the rules to the user.
  • the performance report may include, but is not limited to the at least one data trend, the at least one delta value, the at least one relationship, the at least one rule, the at least one rule violation trend, and details pertaining to the revisions of the at least one rule.
  • details pertaining to the update module 124 may be stored in the rule generation data 130.
  • Fig. 2 illustrates a method 200 for automated generation and dynamic update of rules based on data trend analysis, according to one embodiment of the present subject matter.
  • the method 200 may be implemented in a variety of computing systems in several different ways.
  • the method 200, described herein, may be implemented using a rule generation system 102, as described above.
  • the method 200 may be described in the general context of computer executable instructions.
  • computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types.
  • steps of the method can be performed by programmed computers.
  • program storage devices e.g., digital data storage media, which are machine or computer readable and encode machine-executable or computer-executable programs of instructions, wherein said instructions perform some or all of the steps of the described method 200.
  • the method 200 may facilitate an automated generation and dynamic update of rules based on data trend analysis.
  • data may be retrieved from at least one data source based on retrieval metadata.
  • the at least one data source may include, but is not limited to an external database, an in-house database and an online portal.
  • the retrieval metadata may include, but is not limited to a database name, a table name, a database IP, a database port, type of database, a database username, a database password, at least one query for retrieving data, and a retrieval frequency.
  • a sample of the data may be utilized for monitoring of the environment.
  • the data may not be retrieved for a period of time.
  • the missing data may be estimated based on the earlier trends of such data. For example, an average of the data received before the technical problem and the data received after the technical problem may be computed and considered to fill in details pertaining to the time period for which the data was not retrieved. Therefore, any inconsistency in retrieval of data may not hamper the overall analysis.
  • the data retrieved from the at least one data source may be transformed into a format recognizable to the system 102.
  • the data may be retrieved in a raw format, and then may be transformed into at least one data stream.
  • a data stream may be understood as time ordered data. Each data stream may include, but is not limited to a time stamp, a data value and type of data.
  • identity metadata may be allotted to each data stream for providing a unique identity to each data stream.
  • the identity metadata may further include, but is not limited to details pertaining to an environment name, an application, a server, and other configuration items.
  • at least one data trend pertaining to the at least one data stream may be identified.
  • the at least one data trend is indicative of a pattern followed by the at least one data stream for a pre-defined period of time.
  • the at least one data trend may be updated as and when new data is retrieved from the at least one data source.
  • the at least one data trend may be obtained for computation of at least one delta value pertaining to the at least one data stream.
  • the at least one delta value is indicative of a deviation in the at least one data stream with respect to the at least one data trend at a specific time instance.
  • the at least one delta value may be computed in form of a percentage of a data value of the at least one data stream.
  • the rule generation module 122 of the system 102 may obtain the at least one data trend.
  • At block 204 upon computation of the at least one delta value, at least one relationship between a plurality of data streams may be identified.
  • the at least one relationship may be identified based on the at least one data trend and the identity metadata corresponding to each data stream.
  • the identity metadata pertaining to each data stream may be compared to establish the at least one relationship between the plurality of data streams.
  • the rule generation module 122 of the system 102 may identify the at least one relationship between the plurality of data streams based on the at least one data trend and the identity metadata.
  • At block 206 based on the computation of the at least one delta value and the identification of the at least one relationship, at least one rule may be generated.
  • the at least one rule may be understood as a condition set by a user to track a deviation in the at least one data stream.
  • the user may include, but is not limited to an expert in the corresponding field, and a stakeholder.
  • the at least one rule may be generated to monitor a threshold violation at a specific time instance. For example, a rule may be generated that a delta value of a data stream exhibits a deviation of more than 15%. Therefore, as soon as the delta value of the data stream exhibits a variation of more than 15%, the rule is considered to be violated as the condition has met.
  • the at least one rule may be generated to monitor a threshold violation in a pre-defined duration of time. Further, the at least one rule may be generated to monitor consecutive events of threshold violation. In one implementation, the at least one rule may be generated with any combination of the abovementioned conditions. In another implementation, complex rules may be generated utilizing the at least one relationship between the plurality of data streams.
  • a notification may be provided to the user to indicate the violation of the at least one rule.
  • the notification may include, but is not limited to details pertaining to the rule violation, an action and a suggestion to overcome the rule violation.
  • the action may include, but is not limited to an "accept", a "reject” and an "ignore” tab allowing the user to respond to the notification by accepting, rejecting or ignoring the notification.
  • a validity and accuracy of the at least one rule may be established based on the user response.
  • the rule generation module 122 of the system 102 may generate the at least one rule based on the at least one delta value and the at least one relationship.
  • a rule violation trend pertaining to the violations of the at least one rule may be identified over a predetermined period of time.
  • the rule violation trend may be understood as a pattern in which the at least one rule is violated.
  • the update module 124 of the system 102 may identify the rule violation trend.
  • the at least one rule may be updated on the basis of the user response, the at least one data trend, the at least one relationship and the rule violation trend. Further, the at least one rule may keep updating based on a change in the rule violation trend, the at least one relationship, the at least one data trend and the user response.
  • a performance report may be generated for providing details pertaining to the automated generation and update of the rules to the user. The performance report may include, but is not limited to the at least one data trend, the at least one delta value, the at least one relationship, the at least one rule, the at least one rule violation trend, and details pertaining to the revisions of the at least one rule.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Environmental & Geological Engineering (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Databases & Information Systems (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Testing And Monitoring For Control Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
EP20140156556 2013-10-25 2014-02-25 Génération automatisée et mise à jour dynamique de règles Withdrawn EP2866174A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
IN3382MU2013 IN2013MU03382A (fr) 2013-10-25 2013-10-25

Publications (1)

Publication Number Publication Date
EP2866174A1 true EP2866174A1 (fr) 2015-04-29

Family

ID=50189515

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20140156556 Withdrawn EP2866174A1 (fr) 2013-10-25 2014-02-25 Génération automatisée et mise à jour dynamique de règles

Country Status (9)

Country Link
US (1) US10904126B2 (fr)
EP (1) EP2866174A1 (fr)
JP (1) JP6457777B2 (fr)
CN (1) CN104572795B (fr)
AU (2) AU2014200843A1 (fr)
BR (1) BR102014026558A2 (fr)
HK (1) HK1208545A1 (fr)
IN (1) IN2013MU03382A (fr)
MX (1) MX369322B (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262637B (zh) * 2015-09-08 2019-01-22 电子科技大学 一种基于相对位置度量的网络异常检测方法
EP3200080B1 (fr) * 2015-12-16 2021-12-22 Tata Consultancy Services Limited Procédés et systèmes de détection suspecte de mémoire
US11137987B2 (en) 2016-08-22 2021-10-05 Oracle International Corporation System and method for automated mapping of data types for use with dataflow environments
CN108074021A (zh) * 2016-11-10 2018-05-25 中国电力科学研究院 一种配电网风险辨识系统及方法
US20180247219A1 (en) * 2017-02-27 2018-08-30 Alcatel-Lucent Usa Inc. Learning apparatus configured to perform accelerated learning, a method and a non-transitory computer readable medium configured to perform same
US11574287B2 (en) 2017-10-10 2023-02-07 Text IQ, Inc. Automatic document classification

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1500009A4 (fr) 2001-10-23 2006-02-15 Electronic Data Syst Corp Systeme et procede de gestion de contrats au moyen de l'exploration de texte
US20030110103A1 (en) * 2001-12-10 2003-06-12 Robert Sesek Cost and usage based configurable alerts
US20030208537A1 (en) * 2002-05-01 2003-11-06 Lane James K. Real-time data collection and distribution among office productivity software applications
US7322030B1 (en) * 2003-06-09 2008-01-22 Iso Strategic Solutions, Inc. Method and system for software product generation and maintenance
US8185348B2 (en) * 2003-10-31 2012-05-22 Hewlett-Packard Development Company, L.P. Techniques for monitoring a data stream
JP4412031B2 (ja) * 2004-03-31 2010-02-10 日本電気株式会社 ネットワーク監視システム及びその方法、プログラム
WO2007008940A2 (fr) * 2005-07-11 2007-01-18 Brooks Automation, Inc. Systeme intelligent de surveillance d'etat et de diagnostic de panne pour une maintenance preventive
US7395187B2 (en) * 2006-02-06 2008-07-01 International Business Machines Corporation System and method for recording behavior history for abnormality detection
US7904433B2 (en) * 2007-10-09 2011-03-08 O2Micro International Limited Apparatus and methods for performing a rule matching
US20090234623A1 (en) 2008-03-12 2009-09-17 Schlumberger Technology Corporation Validating field data
US20090300207A1 (en) * 2008-06-02 2009-12-03 Qualcomm Incorporated Pcc enhancements for ciphering support
JP5496417B2 (ja) * 2011-05-11 2014-05-21 三菱電機株式会社 情報処理装置及び情報処理方法及びプログラム
US8661125B2 (en) * 2011-09-29 2014-02-25 Microsoft Corporation System comprising probe runner, monitor, and responder with associated databases for multi-level monitoring of a cloud service
JP6055285B2 (ja) * 2012-11-19 2016-12-27 株式会社東芝 データ保全装置およびその方法、システム
CN105308657A (zh) * 2013-04-23 2016-02-03 卡纳里连接公司 安全和/或监测设备及系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
No relevant documents disclosed *

Also Published As

Publication number Publication date
AU2014200843A1 (en) 2015-05-14
US10904126B2 (en) 2021-01-26
CN104572795A (zh) 2015-04-29
AU2020203735B2 (en) 2021-04-15
CN104572795B (zh) 2020-01-14
US20150120912A1 (en) 2015-04-30
MX369322B (es) 2019-11-05
HK1208545A1 (en) 2016-03-04
AU2020203735A1 (en) 2020-06-25
BR102014026558A2 (pt) 2016-10-11
JP6457777B2 (ja) 2019-01-23
MX2014012857A (es) 2017-07-03
JP2015109074A (ja) 2015-06-11
IN2013MU03382A (fr) 2015-07-17

Similar Documents

Publication Publication Date Title
AU2020203735B2 (en) Automated generation and dynamic update of rules
WO2020259421A1 (fr) Procédé et appareil de surveillance de système de service
CN107766299B (zh) 数据指标异常的监控方法及其系统、存储介质、电子设备
CN111064614B (zh) 一种故障根因定位方法、装置、设备及存储介质
US10467533B2 (en) System and method for predicting response time of an enterprise system
WO2019051951A1 (fr) Procédé et appareil de surveillance de données de service, dispositif terminal et support de stockage
US20160196174A1 (en) Real-time categorization of log events
WO2016138830A1 (fr) Procédé et appareil pour reconnaître un comportement à risque
US9817742B2 (en) Detecting hardware and software problems in remote systems
US20130232369A1 (en) Inferred electrical power consumption of computing devices
CN103069749B (zh) 虚拟环境中的问题的隔离的方法和系统
US20170034001A1 (en) Isolation of problems in a virtual environment
RU2716029C1 (ru) Система мониторинга качества и процессов на базе машинного обучения
US9489379B1 (en) Predicting data unavailability and data loss events in large database systems
US20180307218A1 (en) System and method for allocating machine behavioral models
US8924537B2 (en) Business processes tracking
CN112416896A (zh) 数据异常的报警方法和装置、存储介质、电子装置
CN113934595A (zh) 数据分析方法及系统、存储介质及电子终端
CN113656452A (zh) 调用链指标异常的检测方法、装置、电子设备及存储介质
US20160164714A1 (en) Alert management system for enterprises
US20130151691A1 (en) Analyzing and Reporting Business Objectives in Multi-Component Information Technology Solutions
CN117391261B (zh) 一种基于低功耗超声波测量的物联网ai智慧水务系统
EP3173990A1 (fr) Système et procédé de prédiction d'évènement
CN117421337B (zh) 数据采集方法、装置、设备及计算机可读介质
CN117714988A (zh) 用于用户设备定位的方法、装置、电子设备、存储介质

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140225

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20151030